IT Security News Blast 8-7-2017

After the hearing, Hutchins’ lawyer Adrian Lobo denied he is the author and said he would be pleading not guilty to all of the charges, which date between July 2014 and July 2015. She said: “He fights the charges and we intend to fight the case. […] The indictment claims Hutchins created the malware that can side-step anti-virus software to steal banking usernames and passwords before conspiring with the co-defendant to sell it on internet forums. Prosecutors claim the co-defendant successfully sold the software for 2,000 dollars (£1,522) in digital currency in June 2015.

His attorney, Adrian Lobo, told reporters Hutchins would not be released on Friday because the clerk’s office for the court closed 30 minutes after his hearing concluded, leaving his defense team not enough time to post the bail. Lobo told a local NBC affiliate that Hutchins will be released on Monday and that she expected him to be on a flight on Tuesday to Wisconsin, where a six-count indictment against him was filed in U.S. District Court. He was receiving support from a “variety of sources” around the world to post his bail, she said. […] News of Hutchins’ arrest on Wednesday shocked other researchers, many of whom rallied to his defense and said they did not believe he had ever engaged in cyber crime.

Insulin pumps, infusion pumps, and pacemakers are three hospital devices that can be taken over. Program Director for Cyber Sciences at Augusta University, Dr. Michael Nowatkowski said, “They have wireless access to them that again don’t require any type of authentication.” He said some devices used to save people’s lives have some cyber safety flaws. “For this particular infusion pump, it has drug libraries that are in there that limit the amount of dosage for certain drugs; a hacker could go in and change those limitations,” he said.

One of the vulnerabilities is in the built-in Windows Web server running on the systems. “An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft Web server (port 80/tcp and port 443/tcp) of affected devices,” Siemens warned in its alert. The bug in the Web server software allows code injection onto the devices. The other three vulnerabilities are in the HP Client Automation Service software used to remotely manage the software deployed to the systems. They allow the remote injection of code using a crafted network request and then the execution of that code by exploiting a memory buffer bug.

The malicious emails contain an attachment document claiming “This document is encrypted by Outlook Protect Service” or that “This document is encrypted by Google Documents Protect Service,” according to a July 31 blog post. The attachment is actually a macro-laden Word document which extracts a malicious JScript dropper. The malware saves malicious content in a .txt file and creates a scheduled task whose purpose is to execute the file. “The malicious JScript has robust capabilities that include anti-sandbox functionality, anti-analysis (obfuscation), retrieval of infected system information, listing of running processes, execution of custom commands and PowerShell scripts, loading of EXEs and DLLs, taking screenshots, uninstalling and updating itself, and possibly the ability to exfiltrate passwords,” the report said.
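The persistence step described above (script payload parked in a .txt file, launched by a scheduled task) leaves a detectable trace in scheduled-task creation events. The following is an added example, not code from the article or the vendor report: it scans constructed, simplified Windows Event ID 4698 lines and flags tasks whose action runs a script host against a non-script file, uses an engine override, or points into a user-writable directory. The exact task command line the dropper uses is not stated in the excerpt; the `wscript.exe //E:JScript` form shown in the sample is an assumption.

```python
import ntpath
import re

# Constructed sample lines (not from the article) standing in for Windows Security
# Event ID 4698 ("A scheduled task was created"), reduced to the fields that matter:
# the task name and the <Command>/<Arguments> of the task's Exec action.
SAMPLE_EVENTS = [
    r'4698 TaskName="\Microsoft\Windows\Defrag\ScheduledDefrag" Command="%windir%\system32\defrag.exe" Arguments="-c -h -o"',
    r'4698 TaskName="\Updater" Command="C:\Windows\System32\wscript.exe" Arguments="//E:JScript //B C:\Users\alice\AppData\Roaming\update.txt"',
    r'4698 TaskName="\Backup" Command="C:\Tools\backup.exe" Arguments="--full"',
    r'4698 TaskName="\Sync" Command="C:\Windows\System32\cscript.exe" Arguments="C:\Scripts\sync.vbs"',
    r'4698 TaskName="\Loader" Command="powershell.exe" Arguments="-w hidden -ep bypass -f C:\Users\Public\notes.txt"',
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".psm1"}
USER_WRITABLE = re.compile(r"\\(AppData|Users\\Public|Temp|ProgramData)\\", re.IGNORECASE)
EVENT_RE = re.compile(r'TaskName="(?P<task>[^"]*)"\s+Command="(?P<cmd>[^"]*)"\s+Arguments="(?P<args>[^"]*)"')


def suspicious_reasons(line):
    """Return the reasons a 4698 line matches the dropper pattern (empty list if none)."""
    m = EVENT_RE.search(line)
    if not m:
        return []
    cmd = ntpath.basename(m.group("cmd")).lower()
    args = m.group("args")
    if cmd not in SCRIPT_HOSTS:
        return []  # only script hosts are in scope for this rule
    reasons = []
    # //E:<engine> tells wscript/cscript which engine to use, so a .txt file can be run as JScript.
    if re.search(r"//E:", args, re.IGNORECASE):
        reasons.append("engine override on script host")
    # A file argument whose extension is not a script extension (payload stored as .txt).
    for tok in args.split():
        ext = ntpath.splitext(tok)[1].lower()
        if ext and ext not in SCRIPT_EXTS and not tok.startswith(("-", "/")):
            reasons.append(f"script host given non-script file {tok}")
    if USER_WRITABLE.search(args):
        reasons.append("script stored under a user-writable path")
    return reasons


def flag_tasks(lines):
    """Map task name -> reasons for every event that triggers at least one reason."""
    flagged = {}
    for line in lines:
        reasons = suspicious_reasons(line)
        if reasons:
            flagged[EVENT_RE.search(line).group("task")] = reasons
    return flagged
```

The legitimate `cscript.exe C:\Scripts\sync.vbs` task in the sample is deliberately left unflagged, so the rule keys on the odd combination rather than on script hosts alone.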

Rear Admiral Paul Thomas, assistant commandant for prevention policy at the US Coast Guard, stressed: “This is no longer an emerging threat; it is a very real threat and although we have made significant progress, it is very apparent that we have much work to do.” […] He explained the Coast Guard’s goal is to ensure that FSPs [facility security plans] and VSPs [vessel security plans] identify critical cyber systems and clearly outline who is in charge, how the systems are operated and maintained, what training is needed and what to do when intrusion or malfunction is detected. He added: “Ultimately, critical cyber systems at port facilities will be required to meet performance standards and operated and maintained as outlined in the FSP.”

The lawsuit was launched by the Juscutum Attorneys Association, a law firm based in Ukraine. The association hopes to rally enough victims of the NotPetya ransomware attack and form a collective lawsuit against the M.E.Doc creators. For now, this lawsuit is still in its early stages, and it remains unclear whether anyone has even decided to press charges. It would certainly make sense to do so, as quite a lot of damage was caused by this malware strain. Articles regarding the lawsuit have been published by the Ukrainian press.

Mayor de Blasio quietly signed an executive order last month creating an office known as the New York City Cyber Command — a new outfit that’s intended to protect the city against online attacks and other cyber-threats. Without issuing a press release, Hizzoner signed the order on July 11 that launched the first such centralized cyber-defense of the city. City officials declined to provide a budget for the new initiative, saying it would come out when the budget is modified in the fall.

The Russians understand that conflict now will be in the cyber world. They will hack our industries, business, financial world and elections. Putin would like to get lackeys into office like Trump, in all democracies. Since Putin is already reportedly the richest man in the world (200 billion), he wants to be the most powerful. He plans to do this by cyber warfare. […] We will win because our people are better educated, trained, experienced and motivated. There’s no way a techie working at the direction of the tyrant would be as motivated as one defending a free democracy.

“Moscow perceives the information domain as strategically decisive and critically important to control its domestic populace and influence adversary states. Information warfare is a key means of achieving its ambitions of becoming a dominant player on the world stage,” the report says. “Since at least 2010, the Russian military has prioritized the development of forces and means for what it terms ‘information confrontation,’ which is a holistic concept for ensuring information superiority, during peacetime and wartime. This concept includes control of the information content as well as the technical means for disseminating that content. Cyber operations are part of Russia’s attempts to control the threat environment.”

What they found was striking: participants flagged roughly 35 percent fewer statements for review on a simulated news site when they believed themselves to be working in a group setting than when they were presented the same statements in isolation. What’s more, simply displaying false or ambiguous information as part of a Facebook feed caused people to behave as if they were in a group setting, erasing any difference in their likelihood to flag headlines for fact-checking. […] “Animals hide out in herds and feel safer in herds, and similarly we feel safer in a crowd, and it manifests in lower fact-checking,”

Pervasive screens to occupy our attention, which can also be used as a method of surveillance? The deliberate use of language to fit a specific agenda? Altering or reframing history to conform to the state’s vision of itself? A cult of personality around a leader who remains largely a construct of the media? All of these are elements of Orwell’s novel and could also be a reality in many parts of the world today. […] Winston works for the Ministry of Truth, where he is responsible for rewriting records to maintain the version of history the state requires, as well as deleting people’s pasts.

[Lawmakers] on Capitol Hill have increasingly raised alarm about Russia’s efforts to target state and local election systems. In June, DHS officials testified before the Senate Intelligence Committee of evidence that Russia targeted election-related systems in 21 states. While none of the systems targeted were involved in vote tallying, the issue has heightened concern about the risk to voter registration databases and, separately, digital voting machines. It is also viewed broadly as undermining confidence in the democratic process—which the U.S. intelligence community said was Russia’s chief aim.

U.S. government’s cyber Scholarship-for-Service program would expand under Senate bill

The Cyber Scholarship Opportunities Act would expand the NSF’s CyberCorps: Scholarship-for-Service program, which awards grants and scholarships to students in exchange for agreeing to take on cybersecurity jobs in federal or state and local government after they graduate. The proposal, S. 754, which was marked up and approved unanimously Wednesday by the Senate Commerce, Science and Technology Committee, would expand the parameters of the SfS program so that it can include students studying part-time or in two-year courses at community college. It also would mandate a series of pilots at community colleges around the country, including for military veterans.

The Federal Communications Commission proposal to repeal net neutrality rules ignores the public interest by favoring Internet service providers over other businesses and individuals, Democratic lawmakers told the FCC today. FCC Chairman Ajit Pai’s proposal to undo the rules “impermissibly ignores the Commission’s core mandate to fully consider the public interest before taking action,” violating the commission’s obligations under the Communications Act, the Democrats wrote in an FCC filing opposing Pai’s plan.

According to the suit, the Disney apps for both iOS and Android do not ask for parental permission before they use software development kits that assign unique identifiers to users and then use those identifiers to track the location of the users, as well as activities in-game and across multiple devices. The data is then fed to advertisers to serve up targeted ads.

Steganography Use on the Rise Among Cyber Espionage, Cybercrime Groups

Security researchers at Kaspersky Lab this week said they have come across at least three major cyberespionage campaigns in the past few months where threat actors have used steganography to hide stolen data and to communicate with command and control servers. […] The modifications to the images or video files are so minute that they usually have gone unnoticed and typical endpoint antimalware tools and APT tools are not designed to look for or spot data exfiltration that takes place this way.

The function of the inverter is to convert direct current into alternating current. Since Internet of Things devices are vulnerable to hacking, it is easily possible to gain control of as many inverters as hackers may want to. As a result, hackers can switch them off to affect power supply by creating an imbalance and enable power outages in different parts of Europe. […] Research also revealed that the flaws were present in inverters produced by German-based inverter manufacturer SMA. This issue was reported to SMA by Westerhof in December 2016, and the company also invited him for further discussion, but until now there is hardly any progress in addressing the problem.

Three researchers, Marc Newlin and Logan Lamb, with Bastille Networks and Christopher Grayson with Web Sight, found 26 vulnerabilities within ISP network devices that would have given them remote admin access to the majority of home networks in the United States. The abstract of CableTap reads: “Our research revealed a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. We demonstrated that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through an affected gateway. We estimate tens of millions of ISP customers are affected by these findings.”

I’m not saying you should stop at these 10 since each properly configured group policy setting can reduce risk. I am saying that 10 settings determine most of your risk — everything else is gravy. When I start looking at a new group policy, the first thing I do is scan these 10 settings. If they’re set correctly, I know the customer is doing the right thing and my job will be easier. Get these 10 settings right, and you’ll go a long way toward making your Windows environment more secure. Each of these falls under the Computer Configuration\Windows Settings\Security Settings leaf.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.